Aug 072023

All In One Security Tools Settings helps allows you to use some tools available to improve your security like password strength and more.

Last Updated: March 8, 2024

Latest News: Updated the documentation.

This post shows you all the different tools you can use to search, investigate and customize some of your settings. You might be getting a lot of login attempts in your site, you probably want to know who is it that is trying to access your site. WHOIS lookup tool can help you find out who they are. You might also want to know the strength of your current password Password tool can help you. The following is a list of tools you can use to help you with different options.

List of tools available

  • Password tools
  • WHOIS lookup
  • Custom .htaccess rules
  • Visitor lockout

What you need:

All In One Security Tools Settings

Step 1 ) Go to WP Security -> Tools admin sidebar menu as illustrated in the image below.


Step 2 ) The following image Tools allows you to set up the following tabs.

Tools admin tabs

  • Password tools
  • WHOIS lookup
  • Custom .htaccess rules
  • Visitor lockout


Password tool

Step 3 ) The following image Password tool allows you find out how strong is the password you want to use in your site.



Q1 Is there an ability to force secure passwords?

Solution: There isn’t a “force secure password” feature at the moment. This is something which is a candidate to be included in a future release but for now the standard WordPress feature which forces you to acknowledge the use of “weak” passwords will suffice. (Solution provided by wpsolutions.)

WHOIS lookup

Step 4 ) The following image WHOIS lookup allows you to search for an IP address or domain name. Once you have entered an IP or domain name, click on Look up IP or domain button to investigate.


Custom .htaccess rules

Step 5 ) The following image Custom .htaccess rules allows you to configure the following options.

Note: You might like to check the following URL Custom Rules to learn more about this feature.

Custom Rules Settings

  • Enable custom .htaccess rules:
  • Place custom rules at the top:
  • Enter custom .htaccess rules:
  • Click on Save custom rules button when you finish completing your settings.

Note: This tool allows you to configure any plugin settings that writes to the .htaccess file.

Warning: Only enable this feature if you know what you are doing. Adding the wrong entries in your “.htaccess” file can crash your website.


Visitor lockout

When you update your site, you might need some time to carry out all of your updates. Updates can be related to adding new plugins, adding a new theme, tweaking your current theme or something else. Lucky for you All In One WP Security has the Maintenance feature included that will help you with this. Maintenance allows you to set your site in maintenance mode while you carry out your updates.

Note: You can even make your site private if you want. The following link How To Make A WordPress Blog Private can show you how too.

Step 6 ) The following image Visitor lockout allows you to configure the following options.

Visitor Lockout

  • Enable front-end lockout: = Default message “This site is currently not available. Please try again later.”
  • Click on Save site lockout settings button once you complete this option.

The developers added the following filters to help you customize the message using CSS and HTML.

Maintenance Filters

  • aiowps-site-lockout-msg
  • aiowps-site-lockout-body
  • aiowps-site-lockout-box
  • aiowps-site-lockout-body-content


Note: When you enable the above feature you will not be able to login via wp-admin.php file. You have to log in via wp-login.php only with admin privileges. However if you enable Rename Login Page or Enable Brute Force Attack Prevention under Brute Force tab you will have to enter the secret word to log into your admin panel.

Step 6-a ) The following image illustrates the default message displayed on the site when this feature is activated.


Maintenance FAQ

Q1 Is it possible to force the server reply HTTP 200 even in maintenance mode when performing a cron?

Answer: No. Currently the maintenance mode will always reply back with Http 503. The exception to this rule is if a logged-in visitor tries to view a front-end page/post.


I hope the information above helps you manage all the different tools available in All In One Security plugin.

If you have any questions please let me know.


All In One Security (AIOS) Plugin Tutorial List

I have been working in IT since 1999 and I enjoy the challenges it brings me. I love developing websites with WordPress. I spend a lot of time helping out in forums. I have been writing tutorials since 2011. Now I am learning how to manage my own VPS "Virtual Private Server.

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>



four × 4 =